Security Vulnerabilities, CVEs, Published In September 2013 (Sql injection)
SQL injection vulnerability in property_listings_detail.php in Real Estate PHP Script allows remote attackers to execute arbitrary SQL commands via the listingid parameter.
Max CVSS
7.5
EPSS Score
0.13%
Published
2013-09-23
Updated
2013-10-15
SQL injection vulnerability in wp-comments-post.php in the NOSpam PTI plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the comment_post_ID parameter.
Max CVSS
7.5
EPSS Score
0.12%
Published
2013-09-23
Updated
2013-09-23
SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE."
Max CVSS
7.5
EPSS Score
0.35%
Published
2013-09-12
Updated
2018-12-10
SQL injection vulnerability in mod_accounting.c in the mod_accounting module 0.5 and earlier for Apache allows remote attackers to execute arbitrary SQL commands via a Host header.
Max CVSS
7.5
EPSS Score
0.11%
Published
2013-09-30
Updated
2013-10-11
CVE-2013-5696
Public exploit
inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action.
Max CVSS
6.8
EPSS Score
61.10%
Published
2013-09-23
Updated
2013-09-23
SQL injection vulnerability in testimonial.php in the IndiaNIC Testimonial plugin 2.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the custom_query parameter in a testimonial_add action to wp-admin/admin-ajax.php.
Max CVSS
7.5
EPSS Score
1.40%
Published
2013-09-10
Updated
2017-08-29
Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter.
Max CVSS
7.5
EPSS Score
5.90%
Published
2013-09-16
Updated
2013-09-26
Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL injection attacks against Microsoft SQL Server via a crafted string.
Max CVSS
7.5
EPSS Score
0.12%
Published
2013-09-16
Updated
2020-12-01
SQL injection vulnerability in admindocumentworker.jsp in Coursemill Learning Management System (LMS) 6.6 allows remote authenticated users to execute arbitrary SQL commands via the docID parameter.
Max CVSS
7.5
EPSS Score
0.09%
Published
2013-09-06
Updated
2013-09-06
9 vulnerabilities found